Benefits of Markdown-based Rich Text Editor over HTML-based RTE

Sreenivas K
18 Feb, 2025 - Updated 2 days ago

Note: Some parts of the text in this article were drafted using AI. 

Introduction

In business apps like CRM, we use rich text in many places (when composing emails, comments on records, contact details, task descriptions, deal descriptions, invoice terms of service, proposal templates, email templates, web pages, and landing pages).

Traditional rich text editors save and process content as HTML, which makes it vulnerable to hackers who can inject commands that can expose other data on the server. Newer editors use the Markdown format, which is lighter, more secure, and friendlier to AI processing (sentiment analysis, summarization, and even AI generation).

Vtiger will soon support a Lite RTE field that saves content in Markdown format (instead of HTML format).

This article presents the benefits of using the Markdown editor over the HTML Editor for many of the use cases.

Use Cases for Markdown & HTML Format

For text meant for internal consumption, where precise pixel-level formatting is not necessary, and/or text that needs to be processed by AI, Lite RTE (saved in Markdown format) is strongly recommended.

Markdown use cases

  • Comment text on records (comments on a deal, task, contact, org, invoice, ...)
  • Chat messages from customers and agents.
  • Description field in CRM records (e.g. Deal description, Contact details, Task description, Article description)
  • Event Description (agenda text in meeting invite)
  • AI Alerts
  • AI summaries
  • Forum posts
  • Blog posts
  • Learning content: Help documentation, Article Text, FAQs, Course Descriptions, Quiz Questions, etc.

HTML use cases

HTML RTEs are recommended only for content displayed on external web pages, where fine-grained styling, precise layout, and HTML/CSS formatting matter and where inline images and multimedia embedding are necessary.
  • Email content - Most email clients do not render markdown syntax. Hence email content should be sent in HTML format.
  • Webpage content - Browsers do not render markdown syntax natively (you can install extensions to view markdown formatted text in browsers).

9 Reasons for Markdown over HTML

  • Markdown is more secure
  • AI-friendly
  • Lightweight & Fast
  • Supports version-control 
  • Simple and easier-to-use
  • Readable even as plain text
  • Easy conversion to other formats
  • Supports inline code & syntax highlighting
  • Supported in GitHub and VS Code

Markdown is more secure

Markdown is inherently safer because it limits functionality to just text formatting, preventing script execution, CSS injection, and hidden attacks. WYSIWYG editors require extensive security measures to be equally safe.


| Security Factor | Markdown ✅ | WYSIWYG HTML ❌ |
|---|---|---|
| XSS Protection | ✅ Yes | ❌ No (if not sanitized) |
| JavaScript Execution | ❌ No | ✅ Yes |
| CSS Manipulation | ❌ No | ✅ Yes |
| Inline File Embeds | ❌ No | ✅ Yes (iframes, objects) |
| Injection Attack Risk | ❌ Low | ✅ High (if not sanitized) |
| Storage Safety | ✅ Secure (Plain Text) | ❌ Risky (HTML-based) |

  • Reduced Risk of XSS (Cross-Site Scripting) Attacks
    • Markdown: Does not allow execution of scripts (JavaScript), making it inherently safer.
    • WYSIWYG/HTML Editors: Often allow raw HTML input, which can include
    • In Markdown: This would be treated as plain text, not executed.
    • In WYSIWYG (if not properly sanitized): This could execute malicious code in a browser
  • No Dangerous Inline JavaScript
    • Markdown: Only allows basic formatting (#, *, [](), etc.), so no JavaScript execution.
    • WYSIWYG/HTML: Allows users to insert
    • ✅ Markdown does not support iframes.
  • Less Attack Surface for Injection Attacks 🚨 Example HTML Attack:
    • ✅ Markdown doesn’t execute this.

Simpler and Safer Storage Format

  • Markdown: Has a limited syntax that doesn’t allow execution of arbitrary code.
  • WYSIWYG: Uses complex parsing engines that may be vulnerable to injection attacks (e.g., SQL Injection if improperly sanitized).
  • Markdown: Stored as plain text, reducing risk of hidden malicious payloads.
  • WYSIWYG: Stores HTML, which can contain hidden
  • ✅ Markdown eliminates these risks by storing only readable, non-executable text.
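
As an added example (not Vtiger's code and not part of the original article), this sketch shows the render-time step that keeps stored Markdown non-executable: escape all HTML first, then emit only the tags the renderer itself generates and only links whose scheme is allowlisted. The names `renderLite`, `isSafeUrl` and `SAMPLES`, the allowlist, and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: escape-first renderer for a small Markdown subset.
// renderLite, isSafeUrl and SAMPLES are illustrative names, not Vtiger APIs.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every HTML metacharacter so stored text can never become markup.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// True only for absolute URLs whose scheme is on the allowlist.
function isSafeUrl(raw) {
  try {
    return ALLOWED_SCHEMES.has(new URL(raw).protocol);
  } catch {
    return false; // relative or malformed URLs are rejected in this sketch
  }
}

function renderLite(markdown) {
  // 1. Escape first: raw HTML typed into the field becomes inert text.
  let html = escapeHtml(markdown);
  // 2. Re-introduce only the tags this renderer itself generates.
  html = html.replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>");
  // 3. Links: label and URL are already escaped; the scheme must be allowlisted.
  html = html.replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, (match, label, url) =>
    isSafeUrl(url)
      ? `<a href="${url}" rel="noopener noreferrer">${label}</a>`
      : match // leave disallowed links as literal text
  );
  return html;
}

// Constructed sample inputs, as a comment or description field might store them.
const SAMPLES = [
  "**Renewal** due <script>alert(1)</script>",
  "[docs](https://example.com/a?b=1&c=2)",
  "[invoice](javascript:alert(1))",
];
for (const s of SAMPLES) console.log(renderLite(s));
```

The order matters: escaping after formatting would also escape the renderer's own `<strong>` and `<a>` tags, while skipping it would pass any HTML typed into the field straight to the browser.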

Markdown text is more AI-friendly

Markdown-based editors (like Notion) are generally more AI-friendly compared to WYSIWYG HTML editors (like CKEditor) due to several key reasons:

  • Structured but Lightweight Formatting
  • Easier AI Content Generation
  • Minimalist and Consistent Formatting
  • Better for AI-powered editing and Collaboration
  • Easier Diffing and Version Control
  • Performance & Simplicity
  • Fewer tokens consumed

Other Reasons

  • Markdown is a simple, human-readable text format that AI can easily parse and manipulate. It uses symbols like # for headers, ** for bold, and []() for links, making it straightforward for AI to generate and edit content.
  • HTML editors, on the other hand, generate complex nested.
  • , , and inline CSS, making it harder for AI to efficiently interpret and modify content.
  • AI can generate Markdown much more naturally than HTML. Writing **bold text** is simpler than bold text or dealing with bold text.
  • Markdown avoids the excessive tags and styling complications that often come with WYSIWYG editors.
  • Markdown ensures consistent formatting across different platforms with minimal variations.
  • WYSIWYG editors like CKEditor allow extensive inline styling, which makes AI-based formatting predictions harder and can lead to inconsistent results.
  • Notion’s Markdown-based editor allows AI to seamlessly edit, rewrite, and restructure content without breaking the formatting.
  • CKEditor, being HTML-based, requires AI to manage HTML tags and CSS rules, which increases the risk of unintended layout distortions.
  • Markdown files are just plain text, making it easy for AI to compare changes, track edits, and suggest improvements.
  • HTML is more verbose and difficult to diff efficiently without introducing unintended layout changes.
  • Markdown-based editors are generally lighter and faster, requiring fewer computational resources to render and process.
  • CKEditor and other HTML-based editors need a full rendering engine and handle complex interactions, making AI-powered automation less efficient.